We present to you a new version of Spadaj plugin it has a function to block connectivity with the site, which are implemented by sending forms of foreign addresses with POST method. Such forms are attacking weaknesses of Joomla extensions. In the case of the known and expected call sites (eg. Service payments) should be allowed to fill in the IP field. Besides that plugin allows you to hide the administrator password (others depending on the indicated groups) while trying to display the password when SQL Injection Attack.
This functionality You can check by starting form from package. Example of form address: http://www.site_address.pl address should be changed to your own site, send from your computer and check whether Get Lost blocking the connection and that stores information about the attack in the form of the configuration set in the plugin. Plugin Get lost also allows hiding administrator password and other user during SQL Injection Attack.
The attack involves collecting and displaying the user's password stored in the database. Decoding for the stubborn apparently not a problem. Protection is to deceive the attacker by showing him an incorrect password or turn out very well behaved with a message eg.: "Get Lost to the tree.".